public void Unprotect_KeyRevoked_RevocationDisallowed_ThrowsKeyRevoked() { // Arrange Guid keyId = new Guid("654057ab-2491-4471-a72a-b3b114afda38"); byte[] protectedData = BuildProtectedDataFromCiphertext( keyId: keyId, ciphertext: new byte[0]); var mockDescriptor = new Mock <IAuthenticatedEncryptorDescriptor>(); mockDescriptor.Setup(o => o.CreateEncryptorInstance()).Returns(new Mock <IAuthenticatedEncryptor>().Object); // the keyring has only one key Key key = new Key(keyId, DateTimeOffset.Now, DateTimeOffset.Now, DateTimeOffset.Now, mockDescriptor.Object); key.SetRevoked(); var keyRing = new KeyRing(key, new[] { key }); var mockKeyRingProvider = new Mock <IKeyRingProvider>(); mockKeyRingProvider.Setup(o => o.GetCurrentKeyRing()).Returns(keyRing); IDataProtector protector = new KeyRingBasedDataProtector( keyRingProvider: mockKeyRingProvider.Object, logger: null, originalPurposes: null, newPurpose: "purpose"); // Act & assert var ex = ExceptionAssert2.ThrowsCryptographicException(() => protector.Unprotect(protectedData)); Assert.Equal(Error.Common_KeyRevoked(keyId).Message, ex.Message); }
public void Ctor_Pointer_WithNullPointer_ThrowsArgumentNull() { // Act & assert ExceptionAssert2.ThrowsArgumentNull( testCode: () => new Secret(null, 0), paramName: "secret"); }
public void Unprotect_KeyNotFound_RefreshOnce_ThrowsKeyNotFound() { // Arrange Guid notFoundKeyId = new Guid("654057ab-2491-4471-a72a-b3b114afda38"); byte[] protectedData = BuildProtectedDataFromCiphertext( keyId: notFoundKeyId, ciphertext: new byte[0]); var mockDescriptor = new Mock <IAuthenticatedEncryptorDescriptor>(); var mockEncryptorFactory = new Mock <IAuthenticatedEncryptorFactory>(); mockEncryptorFactory.Setup(o => o.CreateEncryptorInstance(It.IsAny <IKey>())).Returns(new Mock <IAuthenticatedEncryptor>().Object); var encryptorFactory = new AuthenticatedEncryptorFactory(NullLoggerFactory.Instance); // the keyring has only one key Key key = new Key(Guid.Empty, DateTimeOffset.Now, DateTimeOffset.Now, DateTimeOffset.Now, mockDescriptor.Object, new[] { mockEncryptorFactory.Object }); var keyRing = new CacheableKeyRing(CancellationToken.None, DateTimeOffset.MaxValue, key, new[] { key }); var keyRingProvider = CreateKeyRingProvider(new TestKeyRingProvider(keyRing)); IDataProtector protector = new KeyRingBasedDataProtector( keyRingProvider: keyRingProvider, logger: GetLogger(), originalPurposes: null, newPurpose: "purpose"); // Act & assert var ex = ExceptionAssert2.ThrowsCryptographicException(() => protector.Unprotect(protectedData)); Assert.Equal(Error.Common_KeyNotFound(notFoundKeyId).Message, ex.Message); }
public void WriteSecretIntoBuffer_Pointer_NullBuffer_Throws() { // Arrange var secret = Secret.Random(16); // Act & assert ExceptionAssert2.ThrowsArgumentNull( testCode: () => secret.WriteSecretIntoBuffer(null, 100), paramName: "buffer"); }
public void Protect_NullPlaintext_Throws() { // Arrange IDataProtector protector = new KeyRingBasedDataProtector( keyRingProvider: new Mock <IKeyRingProvider>().Object, logger: null, originalPurposes: null, newPurpose: "purpose"); // Act & assert ExceptionAssert2.ThrowsArgumentNull(() => protector.Protect(plaintext: null), "plaintext"); }
public void Protect_HomogenizesExceptionsToCryptographicException() { // Arrange IDataProtector protector = new KeyRingBasedDataProtector( keyRingProvider: new Mock <IKeyRingProvider>(MockBehavior.Strict).Object, logger: null, originalPurposes: null, newPurpose: "purpose"); // Act & assert var ex = ExceptionAssert2.ThrowsCryptographicException(() => protector.Protect(new byte[0])); Assert.IsAssignableFrom(typeof(MockException), ex.InnerException); }
public void Unprotect_PayloadHasIncorrectVersionMarker_ThrowsNewerVersion() { // Arrange IDataProtector protector = new KeyRingBasedDataProtector( keyRingProvider: new Mock <IKeyRingProvider>().Object, logger: null, originalPurposes: null, newPurpose: "purpose"); byte[] badProtectedPayload = BuildProtectedDataFromCiphertext(Guid.NewGuid(), new byte[0]); badProtectedPayload[3]++; // bump the version payload // Act & assert var ex = ExceptionAssert2.ThrowsCryptographicException(() => protector.Unprotect(badProtectedPayload)); Assert.Equal(Resources.ProtectionProvider_BadVersion, ex.Message); }
public void Unprotect_PayloadHasBadMagicHeader_ThrowsBadMagicHeader() { // Arrange IDataProtector protector = new KeyRingBasedDataProtector( keyRingProvider: new Mock <IKeyRingProvider>().Object, logger: null, originalPurposes: null, newPurpose: "purpose"); byte[] badProtectedPayload = BuildProtectedDataFromCiphertext(Guid.NewGuid(), new byte[0]); badProtectedPayload[0]++; // corrupt the magic header // Act & assert var ex = ExceptionAssert2.ThrowsCryptographicException(() => protector.Unprotect(badProtectedPayload)); Assert.Equal(Resources.ProtectionProvider_BadMagicHeader, ex.Message); }
public void Unprotect_PayloadTooShort_ThrowsBadMagicHeader() { // Arrange IDataProtector protector = new KeyRingBasedDataProtector( keyRingProvider: new Mock <IKeyRingProvider>().Object, logger: null, originalPurposes: null, newPurpose: "purpose"); byte[] badProtectedPayload = BuildProtectedDataFromCiphertext(Guid.NewGuid(), new byte[0]); badProtectedPayload = badProtectedPayload.Take(badProtectedPayload.Length - 1).ToArray(); // chop off the last byte // Act & assert var ex = ExceptionAssert2.ThrowsCryptographicException(() => protector.Unprotect(badProtectedPayload)); Assert.Equal(Resources.ProtectionProvider_BadMagicHeader, ex.Message); }
public void Encrypt_CurrentUser_Decrypt_ImpersonatedAsAnonymous_Fails() { // Arrange var originalXml = XElement.Parse(@"<mySecret value='265ee4ea-ade2-43b1-b706-09b259e58b6b' />"); var encryptor = new DpapiXmlEncryptor(protectToLocalMachine: false, loggerFactory: NullLoggerFactory.Instance); var decryptor = new DpapiXmlDecryptor(); // Act & assert - run through encryptor and make sure we get back an obfuscated element var encryptedXmlInfo = encryptor.Encrypt(originalXml); Assert.Equal(typeof(DpapiXmlDecryptor), encryptedXmlInfo.DecryptorType); Assert.DoesNotContain("265ee4ea-ade2-43b1-b706-09b259e58b6b", encryptedXmlInfo.EncryptedElement.ToString(), StringComparison.OrdinalIgnoreCase); // Act & assert - run through decryptor (while impersonated as anonymous) and verify failure ExceptionAssert2.ThrowsCryptographicException(() => AnonymousImpersonation.Run(() => decryptor.Decrypt(encryptedXmlInfo.EncryptedElement))); }